Dima,
Am I to understand that the userid/cn for the cert reference is the
same as the object ID being used in the destination? This is obviously
a problem. This is one of a few scenarios that will yield the "user
is not defined properly" message. Usually, though, it is an encryption
level problem, where the database specified that the user needs 3des and
only has a des client.
Do you mind letting me know which LDAP and cert system you are using?
Thanks,
CryptoTech
Dmitry Bukin wrote:
Hi all!

I use FW 4.1.
I want to establish a connection between a server and a remote user using IKE with a CA.
I describe the user. The user has the same name as the CN in his certificate (CN=ntws49). User Authentication
is unknown. Encryption is IKE. IKE properties are public key. The user
is added to a group which has the name "sr_grp".

The rule is as below:
------------------------------------------------------------------
sr_grp@all ntws59 Any Client Encription Long
------------------------------------------------------------------
ntws59 description:
ip:X.X.X.59, Location: Internal, Type:Host

The problem: when I ping ntws59 from ntws49, I see the following lines in the log:
-----------------------------------------------------------
IKE log: Phase 1 completion
Client Encription: The user is not defined properly
IKE log: Sent Notification <phase2 stage1>
---------------------------------------------------------------
Please help me to fix this problem. What am I doing wrong?
If you need additional information, I will provide it.

Best regards,
Dmitry Bukin
E-mail: [email protected]